Share on print
Share on facebook
Share on linkedin
Share on whatsapp
Share on email

This content is valid for Cloud since version 4.2.0

When the account used to call the Appspace Intranet API through our Beezy.Client wrapper is secured with Multi-Factor Authentication we can’t use the PSCredential:

error-mfa.PNG

Instead of using a PSCredential, since Appspace Intranet 4.2 we support MSAL to bypass this MFA scenario.

What do we need to use Beezy.Client with MSAL?

First of all, we need to register an App to our Microsoft 365 tenant Azure AD and configure it with the required permissions.  This App will be our proxy to get valid tokens to call the Appspace Intranet API.
From your Azure Active Directory > App registrations:
  1. New registration: register a new application.
  2. API permissions: add SharePoint delegated permissions AllSites.FullControl and User.Read.All to have available the complete Appspace Intranet API.
  3. Authentication: add platform Mobile and desktop applications and select MSAL only option.

new-registration.PNG

api-permissions.PNG

authentication.PNG

Once the App is registered you just have to save the following values to a CSV file: ClientID, TenantID, RedirectUri and Scope. You can get them from the App overview page (RedirectUri click on the link and Scope is always https://YOUR-SHAREPOINT-TENANT/.default):

get-msal-config.PNG

Example:

csv-msal.PNG

(CSV file format must be like this, with the header in the first line and values in second line)

Calling Beezy.Client with MSAL

As we already have the CSV file with required App configuration settings, we can now use our Beezy.Client from PowerShell with an account secured with Multi-Factor authentication. We just need to do the following:
  1. Load the beezy-Scripts.ps1 file to make it easier to load required objects.
  2. Call the method to get the Beezy.Client with MSAL: $beezyClient = New-BeezyMsalClient $SiteCollectionUrl $MsalConfigCsvPath
  3. You’ll be asked for your account credentials as permissions are delegated. Enter your Microsoft 365 account (Appspace Intranet user). Then you’ll be asked to approve the MFA login (normal MFA flow). Once done, you’re authenticated, we have a valid token and you have the Beezy.Client available.
  4. Get the Appspace Intranet API: $beezyApi = $beezyClient.BeezyApi  
  5. Call the needed method from our API
Example:
call-beezy-api-msal.PNG